Figure 1 - Computer Object & Associated Attributes
Figure 3 - NetWare Protocols
Method & Apparatus To Update or Change A Network Directory



Background

The present invention relates to the management of distributed digital network directories, 
and particularly to providing dynamic updates to the computer programs supporting distributed 
directory services. 

Technological advances in microelectronics and digital computing systems have resulted in
the proliferation of digital computer networks, enabling the distribution of networking services
across a wide range of computers participating in the network and over various communications
media. Advances in distributing applications have also resulted in a client-server architecture for
applications. Under the architecture, the portions of the application that interact with the user are
typically separated from the portions of the application that fulfill client processing requests.
Typically, the portions of an application that interact with the user are called client applications
or client software, whereas the portions of the application that service requests made by the client
applications are called server applications or server software. In a network environment, the
client applications and server applications are generally executed on different computers.

Historically, digital networks in the form of local area networks, a physical collection of
personal computers interconnected with network cabling and network interface cards, comprised
a single network server and multiple network clients. To manage which network clients could
access the network server, as well as what files, printers, printer queues, and server applications
were available to the network clients, the network server maintained information on each of the
resources that were attached to the server, the identities of the network clients and users who
could use the services of the network server, and the scope and nature of the services available to
the network clients and users.

As local area networks became more popular, networks grew in size requiring several
servers to service the needs of users. With increased size and complexity of networks came the
need for easier management of network servers. Users required access to an increasing number
of services that were located on an increasing number of network servers. Several vendors began
offering networking servers. Each vendor implemented a different scheme of providing
networking services information. In addition, because of the way the server maintained
information about only its networking services, each network server still required management of
its resources independent of other network servers.

This insular method of maintaining information of networking services fueled research and
development of distributed networking directories that span networking servers. Thus far,
research has resulted in several potential solutions. Three technologies currently hold greater
promise for replacing the large number of insular, idiosyncratic directories that now litter many an
enterprise's numerous local-area networks and electronic-mail systems. One of the more popular
approaches exploits the X.500 distributed network information directory services protocol
developed as published by the CCITT and Open Systems Interconnect consortium.

However, while the X.500 protocol appears to hold the greatest promise to provide a
robust, distributed directory, the X.500 protocol has been slow to gain acceptance. The X.500
protocol has been plagued from the start with management, interoperability and security
problems. The X.500 protocol specification describes a technical framework, interoperability
requirements and compliance criteria but does not describe specific implementations. Thus many
of the details of implementation have been left up to systems providers.

The X.500 protocol specification describes a distributed directory. The directory provides
information services to network clients. The information in the directory can be read as well as
modified by users who have applicable access rights.

The information stored in the directory is stored in the form of a schema, a collection of
objects with associated attributes or properties tied together by their relationship to each other.
Figure 1 shows an object called "Computer" with a few associated attributes, such as owner,
operator, status, etc. The values of the properties are not shown in the figure but an example of a
value for "Owner" might be "Fred." Objects in the directory and their names correspond to
things that humans relate to when dealing with computers, namely, users, printers, print queues,
networks and information. Objects such as countries, organizations, networks, people and
computers are objects you might find in the directory as well.

The directory provides information to users by giving users a hierarchical view of all of the
information contained in the directory. The hierarchical view is generally in the form of a tree.
Figure 2 shows a directory. Each of the branches and terminating points or leaves represent
objects in the directory. Generally, implementations of the directory organize objects in subtrees,
partitions or domains. Figure 2 also shows the directory organized into partitions or domains.
Multiple copies of each partition may be stored in the directory. Software schemas define and
determine the number and types of replicas of each partition.

Multiple replicas of a partition are needed to reduce network storage and traffic
requirements and speed up directory searches. Replicas are stored in name servers. A name
server is a computer in the network, usually a network server. More than one partition can be
stored in a name server. Partitions stored in a name server need not be contiguous.

The directory tree provides a logical means of searching for information. The tree is
generally patterned after logical groupings such as organizations, organizational units, computers
and users. These logical groupings, while extremely useful in helping users find relevant
information, also create significant problems in managing the directory.

Each partition forms a major subtree of the directory. Taken together, the partitions form
a hierarchical tree of partitions that leads back to a root partition containing the root directory.
Where boundaries of two partitions meet, the partition closer to the root is considered superior,
and the partition farther from the root is considered subordinate. Thus, in Figure 2, partitions E and
C are subordinate to the other partitions.

The present invention solves one of the problems associated with a distributed directory.
As distributed directories become more popular, more and more users will rely on them for access
to data and services. As users rely on directories more heavily, the time in service of the directory
will be critical. Users will not tolerate even a temporary shut down of the directory or a portion
of the directory.






WO 96/18947 PCT/US95/15959

Summary of the Invention 

With the present invention the computer programs that provide the services associated 
with a distributed directory can be dynamically updated without a significant interruption in 
services. Time in service of the directory will thus increase, increasing user confidence in the 
directory. 

Brief Description of the Drawings 

The present invention may be more fully understood by reference to the following 
Detailed Description in conjunction with the Drawings, in which: 

Figure 1 shows a typical directory object, a computer, with some of its associated
attributes;

Figure 2 shows a typical directory tree; 

Figure 3 shows the network protocol environment in which the present embodiment of the 
invention is implemented; and 

Figure 4 shows the software algorithm employed by the invention to dynamically update a 
directory services module without interruption of services. 

Detailed Description of the Invention 

The present embodiment of the invention, Novell's NetWare Directory Service or NDS,
supports dynamically updating the computer programs that provide distributed digital directories.
NDS operates in the NetWare network operating system environment.

The invention is enabled through a NetWare Core Protocol verb. NDS design builds on
several previously implemented capabilities of NetWare, including the NetWare Core Protocol
("NCP"). The first capability relevant to the invention is NetWare's native network layer
protocol, IPX. IPX provides end-to-end datagram delivery over network media and over
internetworks.

NDS allows multiple independent name trees to coexist in the same internetwork without
interfering with each other. A rendezvous feature is defined allowing a client interested in a name
tree to locate NDS name servers. The rendezvous feature builds on another previously
implemented capability of NetWare: SAP (Service Advertising Protocol). Routers in all installed
NetWare internetworks convey SAP information for client/server rendezvous. With NDS, SAP
has a narrowly confined role: a client uses it to find its first NDS name server.



The NCP sits above the network layer. See Figure 3. NCP supports many networking
services, such as file services. Certain operations on an NCP connection are specific to NDS.
Once an NCP connection exists, it can also convey NDS requests and replies. Because NDS uses
messages that can be quite large, it employs a fragmentation protocol to convey an NDS message
in (possibly) several NCP packets.

Each NCP packet begins with a small message header that carries general status
information about the current state of the connection between the client and the server. The client
request header is seven bytes long, while a server's reply header is eight bytes long. As shown
below, the RequestType variable defines the type of network request. A type of 0x1111 is
reserved for connection allocation services; a type of 0x2222 is reserved for server request
services; a type of 0x3333 is reserved for server responses; a type of 0x5555 is reserved for
destroying connections; and a type of 0x9999 is reserved for work in progress responses.
Reload Verb
0x2222 104 8

Request Format

Offset  Content                              Type
0       RequestType       (0x2222)           WORD
2       SequenceNumber    (LastSeq+1)        BYTE
3       ConnectionHigh    (ServiceConn)      BYTE
4       TaskNumber        (CurrentTaskNum)   BYTE
5       ConnectionLow     (ServiceConn)      BYTE
6       FunctionCode      (104)              BYTE
7       SubFuncCode       (08)               BYTE

Reply Format

Offset  Content                              Type
0       ReplyType         (0x3333)           WORD
2       SequenceNumber    (LastSeq+1)        BYTE
3       ConnectionLow     (ServiceConn)      BYTE
4       TaskNumber        (CurrentTaskNum)   BYTE
5       ConnectionHigh    (ServiceConn)      BYTE
6       CompletionCode    (Ccode)            BYTE
7       ConnectionStatus  (StatusFlag)       BYTE
8       NDSErrorCode      (NDSError)         4 BYTES
12      Reserved                             4 BYTES



The sequence number maintains a numeric counter for all incoming requests to provide
reply prioritization. The ConnectionLow and the ConnectionHigh numbers identify a particular
service connection between the client and the server. The TaskNumber distinguishes which
client process or thread is making the request to the server.
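
The header checks implied by the Request Format and Reply Format tables, as an added example that is not part of the patent's own code: a server-side validator for the Reload request and a client-side check that a reply belongs to that request. The function names, result codes, sample bytes and the rule that a reply must echo the request's sequence, connection and task are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
/* Offsets and values come from the Request Format and Reply Format tables. */
enum { NCP_REQ_LEN = 8, NCP_REPLY_LEN = 16, NCP_FUNC = 104, NCP_SUBFUNC_RELOAD = 8 };

enum ncp_result {
    NCP_OK = 0,
    NCP_ERR_SHORT,     /* buffer shorter than the fixed layout */
    NCP_ERR_TYPE,      /* RequestType or ReplyType has the wrong value */
    NCP_ERR_VERB,      /* not function 104, subfunction 8 */
    NCP_ERR_SEQUENCE,  /* SequenceNumber is not the expected value */
    NCP_ERR_MISMATCH   /* reply names another connection or task */
};

struct ncp_reload_request {
    uint8_t  sequence;
    uint8_t  task;
    uint16_t connection;   /* (ConnectionHigh << 8) | ConnectionLow */
};

/* Server side: validate an untrusted buffer as a Reload request.
 * last_seq is the previous sequence number seen on this connection. */
enum ncp_result ncp_parse_reload(const uint8_t *buf, size_t len,
                                 uint8_t last_seq, struct ncp_reload_request *out)
{
    if (buf == NULL || out == NULL || len < NCP_REQ_LEN)
        return NCP_ERR_SHORT;
    /* 0x2222 has two equal bytes, so this check is byte-order independent. */
    if (buf[0] != 0x22 || buf[1] != 0x22)
        return NCP_ERR_TYPE;
    if (buf[6] != NCP_FUNC || buf[7] != NCP_SUBFUNC_RELOAD)
        return NCP_ERR_VERB;
    if (buf[2] != (uint8_t)(last_seq + 1))   /* wraps from 255 to 0 */
        return NCP_ERR_SEQUENCE;
    out->sequence   = buf[2];
    out->connection = (uint16_t)((buf[3] << 8) | buf[5]);  /* High at 3, Low at 5 */
    out->task       = buf[4];
    return NCP_OK;
}

/* Client side: accept a reply only if it echoes the request's sequence, connection
 * and task (this example's assumption); *completion gets CompletionCode (offset 6). */
enum ncp_result ncp_check_reply(const struct ncp_reload_request *req,
                                const uint8_t *buf, size_t len, uint8_t *completion)
{
    if (req == NULL || buf == NULL || completion == NULL || len < NCP_REPLY_LEN)
        return NCP_ERR_SHORT;
    if (buf[0] != 0x33 || buf[1] != 0x33)
        return NCP_ERR_TYPE;
    if (buf[2] != req->sequence)
        return NCP_ERR_SEQUENCE;
    /* The reply table swaps the two bytes: Low at 3, High at 5. */
    if ((uint16_t)((buf[5] << 8) | buf[3]) != req->connection || buf[4] != req->task)
        return NCP_ERR_MISMATCH;
    *completion = buf[6];
    return NCP_OK;
}

/* Constructed sample packets, not captured traffic; unlisted reply bytes are zero. */
static const uint8_t sample_request[]     = { 0x22, 0x22, 0x05, 0x01, 0x02, 0x2A, 104, 8 };
static const uint8_t sample_reply[16]     = { 0x33, 0x33, 0x05, 0x2A, 0x02, 0x01 };
static const uint8_t other_conn_reply[16] = { 0x33, 0x33, 0x05, 0x2B, 0x02, 0x01 };
int main(void)
{
    struct ncp_reload_request r;
    uint8_t cc;
    return ncp_parse_reload(sample_request, sizeof sample_request, 0x04, &r) != NCP_OK
        || ncp_check_reply(&r, sample_reply, sizeof sample_reply, &cc) != NCP_OK;
}
```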

The present embodiment of the invention uses the Reload Directory Services NCP. The
Reload Directory Services NCP allows the principal computer program that provides directory
services in the NetWare environment, DS.NLM, to be replaced on disk and reloaded in a server
while that server is active and while other computer programs, NetWare Loadable Modules or
NLMs in the NetWare environment, of the server are actively referencing NDS entry points.

Three NLMs are involved. The DSLOADER.NLM contains the directory entry points to
which all other NLMs actually link, including the current DS.NLM in memory and a new
DS.NLM on disk which is to replace the current DS.NLM.

Referring to Figure 4 and the code segments provided in Tables ..., the dynamic update
aspect of the invention is performed by two threads of execution within the NetWare operating
system. The first thread (A) is the thread that begins servicing the NCP request; the other thread
(B) is started by thread (A) to complete the reload of the new DS.NLM. The replacement
algorithm is as follows:

1. Thread (A) receives the RELOAD NLM NCP request in a function that is part of the
currently loaded DS.NLM.

2. Thread (A) checks the client authorization.

3. If the client has proper authorization, usually the highest level of security clearance
allowed by the system, thread (A) calls the DSLOADER and requests a reload.

4. Thread (A) renames the memory image of the currently loaded DS.NLM to
DSOLD.NLM.

5. Thread (A) starts thread (B) and then waits until thread (B) reports whether or not the
load was successful.

6. Thread (B) calls the operating system to load the new DS.NLM. This loads the new
DS.NLM and then calls DS.NLM's initialization function.

7. While initializing the new DS.NLM, thread (B) reports the new DS.NLM version number
to DSLOADER and retrieves from DSLOADER the DSOLD.NLM version number. The
DSLOADER may reject the load with an error response or it may return the new
DS.NLM version number.

8. Thread (B) will abort the load on an error from the loader, or if the new DS.NLM rejects
the version number returned by DSLOADER. Thread (B) will indicate to thread (A) whether it
aborts or commits to continue the load.

9. Thread (A) detects the abort or commit state transition from thread (B). If the load is
aborted, thread (A) renames the DSOLD.NLM back to DS.NLM in memory. It then
returns from the loader.

10. The DSOLD.NLM replies to the NCP request.

11. If thread (B) commits to continue the load, it waits for thread (A) to complete the
response to the NCP, then it will unload DSOLD.NLM and continue with the initialization
of the new DS.NLM.

12. Thread (B) terminates itself.

Table 1 - Code Segments Implementing Steps 1-3 and 10

int ReloadDS(int conn)
{
    int err = 0, managesEntry;
    THREADDATA td;

    /* 1. begin servicing reload NCP */
    if ((err = DSAClientStart(TD_CHECK_OPEN, conn, -1, -1, &td)))
        return err;

    /* 2. check client authorization */
    if (IsSupervisor(conn)
        || (!(err = GlobalCheckManagement(ServerID(), ID_SELF,
                                          &managesEntry, 0))
            && managesEntry))
        err = DSLReload(DSModuleHandle());  /* 3. call loader */
    else if (!err)
        err = ERR_NO_ACCESS;

    /* 10. reply to the NCP */
    return DSAClientEnd(err);
}

Table 2 - Code Segments Implementing Steps 4-5 and 9

int DSLReload(uint32 moduleHandle)
{
    /* 4. rename DS.NLM to DSOLD.NLM */
    struct LoadDefinitionStructure *mh =
        (struct LoadDefinitionStructure *) moduleHandle;
    char savedName[sizeof(mh->LDFileName)];

    if (!mh)
        mh = (struct LoadDefinitionStructure *) registeredModule;
    else if (moduleHandle != registeredModule)
        return ERR_INVALID_REQUEST;

    /* only one reload may be in progress at a time */
    if (dslState != DSL_IDLE)
        return ERR_DS_LOADER_BUSY;
    dslState = DSL_ACTIVE;
    if (mh)
    {
        /* actual rename happens here */
        CMovB(mh->LDFileName, savedName, sizeof(savedName));
        CMovB(dyingNLMName, mh->LDFileName, sizeof(savedName));
    }

    /* 5. start new thread and wait for state change */
    aesReload.AWakeUpDelayAmount = 0;
    aesReload.AProcessToCall = ReloadWorker;
    aesReload.ARTag = aesTag;
    ScheduleSleepAESProcessEvent(&aesReload);
    while (dslState == DSL_ACTIVE)
        CYieldWithDelay();

    /* 9. detect state and rename DSOLD.NLM back to DS.NLM if abort */
    if (dslState == DSL_ABORTED)
    {
        if (mh)
        {
            CMovB(savedName, mh->LDFileName, sizeof(savedName));
            /* mh->LDFlags |= oldDontUnloadBit; */
        }
        dslState = DSL_IDLE;
        return loadError;
    }

    if (dslState == DSL_PROCEEDING)
        dslState = DSL_COMMITTED;
    return 0;
}

Table 3 - Code Fragments Implementing Step 6 and part of 8

void ReloadWorker(void)
{
    unsigned long oldModule = registeredModule;

    if (dslState != DSL_ACTIVE)
        return;

    /* 6. call load function */
    if ((loadError = LoadDSNLM()))
    {
        /* 8. indicate the abort state change */
        if (dslState == DSL_ACTIVE)
            dslState = DSL_ABORTED;
    }
    else if (dslState == DSL_CORPSE)
    {
        if (oldModule)
        {
            DelayMyself(18, timerTag);
            KillMe(oldModule);
        }
        dslState = DSL_IDLE;
    }
}



Table 4 - Code Fragments Implementing Step 7 and the Remainder of Step 8

int RegisterWithDSLoader(void)
{
    int err;
    uint32 dslVersion, loadedDSVersion;
    int i;

    /*...*/

    /* 7. negotiate versions with loader. Handle loader's rejection */
    if ((err = DSLNegotiateVersions(DSVersion(), &dslVersion,
                                    &loadedDSVersion)))
        return err;

    if (!ACCEPTABLE_DSLOADER_VERSION(dslVersion))
        return ERR_INVALID_DS_VERSION;  /* reject the loader */

    /* 8. commit to load new NLM, this changes loader state */
    if ((err = DSLRegister(DSModuleHandle(), DSVersion(), &ddsFuncs,
                           &emuFuncs,
                           DSCanUnload, DSUnload, &dslMemTag, dslCommandLine)))
        return err;

    /* continue NLM initializations */
    /*...*/

    return 0;
}

Table 5 - Code Fragments Implementing DSLoader Response to Step 7

int DSLNegotiateVersions(uint32 dsVersion, uint32 *dslVersion,
                         uint32 *registeredDSVersion)
{
    /* report the loader's own version and the currently registered DS version */
    *dslVersion = INTERNAL_VERSION;
    *registeredDSVersion = registeredVersion;
    dsVersion = dsVersion;
    /* accept or reject the version offered by the new DS.NLM */
    return ACCEPTABLE_DS_VERSION(dsVersion) ? 0 : ERR_INVALID_DS_VERSION;
}



As indicated by the above method, the computer programs providing services to a
distributed directory can be dynamically updated without interruption of directory services. Thus,
critical directory related services can be updated and new service enhancements can be added
without interruption.

Although one embodiment of the invention has been illustrated and described, various
modifications and changes may be made by those skilled in the art without departing from the
spirit and scope of the invention.



Claims

1. A method, in a computer network, of dynamically updating an old computer module with
a new computer, comprising the steps of:

   a. receiving a request to update an old computer module;

   b. calling a loader computer module, which routes requests from the old computer
   module, having the basic functionality of the old computer module;

   c. loading a new computer module to replace the old computer module; and

   d. making active the new computer module and making inactive the old computer
   module.

2. A method as recited in claim 1, whereby the new computer module is a more current
version of the old computer module.

3. A method as recited in claim 1, further comprising the step of: checking that the request to
update has valid authorization prior to calling the loader computer module.

4. A method as recited in claim 1, further comprising the step of: checking that the new
computer module is compatible with the old computer module prior to unloading the old
computer module.

5. A method as recited in claim 1, whereby the old and new computer modules are NetWare
loadable modules.

6. A method as recited in claim 1, whereby the old and new computer modules provide
directory services.

7. A method, in a computer network, of dynamically updating an old computer module with
a new computer module, comprising the steps of:

   a. receiving a request to update an old computer module;

   b. calling a loader computer module, which routes requests from the old computer
   module, having the basic functionality of the old computer module;

   c. loading a new computer module to replace the old computer module;

   d. checking that the new computer module is compatible with the old computer
   module; and

   e. making active the new computer module and making inactive the old computer
   module if the new computer module is compatible with the old computer module.

8. A method as recited in claim 7, whereby the new computer module is a more current
version of the old computer module.

9. A method as recited in claim 7, further comprising the step of: checking that the request to
update has valid authorization prior to calling the loader computer module.

10. A method as recited in claim 7, whereby the old and new computer modules are NetWare
loadable modules.

11. A method as recited in claim 7, whereby the old and new computer modules provide
directory services.

12. A method of dynamically updating an old computer module being used on a server in a
client/server network with a new computer module, comprising the steps of:

   a. receiving a request to update an old computer module;

   b. calling a loader computer module, which routes requests from the old computer
   module, having the basic functionality of the old computer module;

   c. loading a new computer module to replace the old computer module;

   d. checking that the new computer module is compatible with the old computer
   module; and

   e. making active the new computer module and making inactive the old computer
   module if the new computer module is compatible with the old computer module.

13. A method as recited in claim 12, whereby the new computer module is a more current
version of the old computer module.

14. A method as recited in claim 12, further comprising the step of: checking that the request
to update has valid authorization prior to calling the loader computer module.

15. A method as recited in claim 12, whereby the old and new computer modules are
NetWare loadable modules.

16. A method as recited in claim 12, whereby the old and new computer modules provide
directory services.